IRRd-Discuss
Re: filtering crypt-pw from ftp export
- From: Larry Blunk
- Date: Thu Jul 09 09:59:40 2009
Richard Doty wrote:
Greetings,
I've been looking at enabling cryptpw-access on my IRRd mirrors to
hide the crypt strings, and am wondering about ftp export. It looks
like the only cryptpw hiding that's available in IRRd is through
mirroring or direct queries, is that right? So if I want a clean ftp
file to distribute, I need to generate it on a server that mirrors the
registry and receives a crypt-filtered stream?
Thanks for any insights,
Richard.
Richard,
There is a "compress_script" option to handle this case.
It specifies an external script to be used for making exports.
Here is a script (remove_cryptpw_gz.pl) that replaces
CRYPT-PW's and compresses the db file. It can also save the
real CRYPT-PW's in a separate file.
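#!/usr/bin/perl
# remove_cryptpw_gz.pl: reads the db file (files named on the command line,
# or stdin), masks CRYPT-PW hashes and writes the gzip'ed result to stdout.
my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$datestr);
my $savecrypts = 1;   # 1 = also save the real CRYPT-PW lines in a separate file
my $newmnt = 0;       # 1 = mntner: line not yet written to the saved file
my $deletedmnt = 0;   # 1 = current maintainer object is a deleted one
my $mntner;
my $cryptdbname;

# open() returns false on failure (it never returns a negative value)
if (!open(GZIP, "|/usr/bin/gzip -q -c")) {
    exit(-1);
}

if ($savecrypts == 1) {
    ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday) = localtime();
    $datestr = sprintf("%04d%02d%02d", $year + 1900, $mon + 1, $mday);
    $cryptdbname = "/irr/radb-pwdb/radb-cryptpw.$datestr";
    if (-e $cryptdbname) { # if file already exists, don't generate again
        $savecrypts = 0;
    } elsif (!open(CRYPTDB, "> $cryptdbname")) {
        $savecrypts = 0;   # cannot save the hashes; still produce the export
    }
}

while (<>) {
    if ($savecrypts == 1) {
        # remember the maintainer name so it can precede its saved auth: lines
        if (/^mntner:/) {
            $mntner = $_;
            $newmnt = 1;
            $deletedmnt = 0;
        }
        # deleted maintainer object: do not save its hashes
        if (/^\*xxner:/) {
            $deletedmnt = 1;
        }
    }
    # replace the 13-character crypt string, keep the rest of the line
    if (/^(auth:\s+CRYPT-PW\s+)(.{13})(.*)$/i) {
        print GZIP "${1}HIDDENCRYPTPW${3}\n";
        if ($savecrypts == 1 && $deletedmnt == 0) {
            if ($newmnt == 1) {
                print CRYPTDB $mntner;
                $newmnt = 0;
            }
            print CRYPTDB $_;
        }
    }
    else {
        print GZIP $_;
    }
}

if ($savecrypts == 1) {
    close(CRYPTDB);
}
close(GZIP);
exit(0);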
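
Added example, not part of the original message or of IRRd: a check to run over the finished export before it is published, reporting any `auth: CRYPT-PW` value that is not the `HIDDENCRYPTPW` placeholder. The function names and the sample records are assumptions made for illustration.

```python
import gzip
import io
import re

PLACEHOLDER = "HIDDENCRYPTPW"  # replacement string written by the script above
# Looser than the masking regex on purpose: whitespace after "auth:" is optional
# and the value may be any length, so lines the masker skipped are still seen.
AUTH_RE = re.compile(r"^auth:\s*CRYPT-PW\s+(\S+)", re.IGNORECASE)
NAME_RE = re.compile(r"^(?:mntner|\*xxner):\s*(\S+)", re.IGNORECASE)

def find_unmasked_cryptpw(lines):
    """Return [(line_no, mntner)] for CRYPT-PW values that are not the placeholder.
    The value itself is never returned, so the report is safe to log."""
    findings, mntner = [], None
    for line_no, raw in enumerate(lines, 1):
        line = raw.rstrip("\r\n")
        if not line.strip():
            mntner = None              # a blank line ends an RPSL object
            continue
        name = NAME_RE.match(line)
        if name:
            mntner = name.group(1)
        auth = AUTH_RE.match(line)
        if auth and auth.group(1) != PLACEHOLDER:
            findings.append((line_no, mntner))
    return findings

def audit_export(path):
    """Run the check over a gzip-compressed export file."""
    with gzip.open(path, "rt", encoding="latin-1") as fh:
        return find_unmasked_cryptpw(fh)

# Constructed sample (not real registry data): one masked entry and two
# values the masking regex would pass through unchanged.
SAMPLE = """\
mntner:     MAINT-EXAMPLE-A
auth:       CRYPT-PW HIDDENCRYPTPW

mntner:     MAINT-EXAMPLE-B
auth:CRYPT-PW aaBBccDDeeFF1

mntner:     MAINT-EXAMPLE-C
auth:       crypt-pw short12
"""

if __name__ == "__main__":
    for line_no, mntner in find_unmasked_cryptpw(io.StringIO(SAMPLE)):
        print(f"line {line_no}: unmasked CRYPT-PW in {mntner}")
```

An empty result from `audit_export()` on the compressed file means every CRYPT-PW line carries the placeholder.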